Configuring Sentry and Hive for File-based Storage Mode

When Sentry operates in file-based storage mode, it works as a batch of java-libraries that are used by Hive. It does not run as a service and is not integrated with Warden or with the MapR Control System. Sentry only runs as a service when you choose the database storage model.

These instructions explain how to configure Hive to use Sentry in file-based storage mode.

Edit the hive-site.xml file (located at /opt/mapr/hive/hive-<version>/conf) and set properties as shown:

If <file-name>.ini is stored at MapR-FS, the URL should start with 'maprfs:///'.

Restart impalaserver, impalastore, and impalacatalog.

The global-policy.ini File

The default global-policy.ini file defines the admin_role, which gives full access to the Hiveserver2 server for the mapr user. The file is located in /opt/mapr/sentry/sentry-<version>/conf in your local file system. You can relocate the file to MapR-FS if you prefer. By default, this file contains these sections:

[groups]
mapr = admin_role
[roles]
admin_role = server=HS2

You can also define separate policy files for a particular database, where you specify roles and privileges for that database. Database-specific roles and privileges are defined in a [databases] section, as shown in these examples: